Privacy Policy (GDPR)

1. Data Controller

Controller: [TO BE COMPLETED - Full name]

GDPR contact: contact@commissia.com

2. Data Collected

We collect the data necessary for the service to function: account information, organisation data, sales/import data and audit logs.

3. Purposes and Legal Bases

Main purposes: provision of the SaaS service, security, customer support, product improvement, legal obligations.

Legal basis: performance of a contract, legitimate interest, and legal obligation as applicable.

4. Retention Period

Data is retained for the period necessary for the service and legal obligations, then deleted or anonymised in accordance with our internal policy.

5. Sub-processors

We use technical service providers for hosting, database and authentication (e.g. Vercel, Supabase), bound by contractual data protection obligations.

6. Transfers Outside the EU

Some processing may involve transfers outside the EU. In such cases, appropriate safeguards (e.g. standard contractual clauses) are applied.

7. Your Rights

You have the rights of access, rectification, erasure, restriction, objection and portability, within the limits provided by law.

To exercise your rights: contact@commissia.com

8. Cookies

The website may use technical cookies necessary for its operation. If analytics or marketing cookies are added, a consent banner will be displayed.